Administering Windows Server Hybrid Core Infrastructure

Introduction to AD DS

Introduction to AD DS

• Define AD DS
• Define users, groups, and computers
• Define AD DS forests and domains
• Define OUs
• Manage objects and their properties in AD DS
• Module assessment

Manage AD DS domain controllers and FSMO roles

Manage AD DS domain controllers and FSMO roles

• Deploy AD DS domain controllers
• Maintain AD DS domain controllers
• Manage the AD DS Global Catalog role
• Manage AD DS operations masters
• Manage AD DS schema
• Module assessment

Implement Group Policy Objects

Implement Group Policy Objects

• Define GPOs
• Implement GPO scope and inheritance
• Define domain-based GPOs
• Create and configure a domain-based GPO
• Define GPO storage
• Define administrative templates
• Module assessment

Manage advanced features of AD DS

Manage advanced features of AD DS

• Create trust relationships
• Implement ESAE forests
• Monitor and troubleshoot AD DS
• Create custom AD DS partitions
• Module assessment

Implement hybrid identity with Windows Server

Implement hybrid identity with Windows Server

• Select a Microsoft Entra integration model
• Plan for Microsoft Entra integration
• Prepare on-premises Active Directory for directory synchronization
• Install and configure directory synchronization with Microsoft Entra Connect
• Implement Seamless Single Sign-On
• Enable Microsoft Entra login in for Windows VM in Azure
• Knowledge check 1
• Describe Microsoft Entra Domain Services
• Implement and configure Microsoft Entra Domain Services
• Manage Windows Server in a Microsoft Entra Domain Services environment
• Create and configure a Microsoft Entra Domain Services instance
• Join a Windows Server VM to a managed domain
• Module assessment

Deploy and manage Azure IaaS Active Directory domain controllers in Azure

Learn to deploy and manage Azure IaaS Active Directory domain controllers in Azure.

• Select an option to implement directory and identity services using Active Directory Domain Services in Azure
• Deploy and configure Active Directory Domain Services domain controllers in Azure VMs
• Install a replica Active Directory domain controller in an Azure VM
• Install a new Active Directory forest on an Azure VNet
• Module assessment

Perform Windows Server secure administration

Perform Windows Server secure administration

• Define least privilege administration
• Implement delegated privileges
• Use privileged access workstations
• Use jump servers
• Module assessment

Describe Windows Server administration tools

Describe Windows Server administration tools

• Explore Windows Admin Center
• Use Server Manager
• List Remote Server Administration Tools
• Use Windows PowerShell
• Use Windows PowerShell to remotely administer a server
• Module assessment

Perform post-installation configuration of Windows Server

Perform post-installation configuration of Windows Server

• List the available post-installation configuration tools
• Configure Server Core using Sconfig
• Use DSC to configure Windows Server
• Perform post-installation configuration with Windows Admin Center
• Configure a server with answer files
• Module assessment

Administer and manage Windows Server IaaS Virtual Machine remotely

Administer and manage Windows Server IaaS Virtual Machine remotely

• Select the appropriate remote administration tool
• Manage Windows Virtual Machines with Azure Bastion
• Create an Azure Bastion host
• Configure just-in-time administration
• Module assessment

Manage hybrid workloads with Azure Arc

Manage hybrid workloads with Azure Arc

• Describe Azure Arc
• Onboard Windows Server instances
• Connect hybrid machines to Azure from the Azure portal
• Use Azure Arc to manage Windows Server instances
• Restrict access with RBAC
• Module assessment

Just Enough Administration in Windows Server

Streamline the administration of your Windows Server environments with Just Enough Administration (JEA). Limit privileged operations to a set of specified PowerShell cmdlets, parameters and variables, and limit which users can connect to JEA endpoints. Constrain the level of privilege those users have when performing administrative tasks.

• Explain the concept of Just Enough Administration (JEA)
• Define role capabilities for a JEA endpoint
• Create a session configuration file to register a JEA endpoint
• Describe how JEA endpoints work to limit access to a PowerShell session
• Create and connect to a JEA endpoint
• Demonstration: Connect to a JEA endpoint
• Module assessment
• Summary resources

Configure and manage Hyper-V

Configure and manage Hyper-V

• Define Hyper-V
• Define Hyper-V Manager
• Configure Hyper-V hosts using best practices
• Configure Hyper-V networking
• Assess advanced Hyper-V networking features
• Define nested virtualization
• Module assessment

Configure and manage Hyper-V virtual machines

Configure and manage Hyper-V virtual machines

• List the virtual machine configuration versions
• List the virtual machine generation versions
• List available VHD formats and types
• Create and configure VMs
• Determine storage options for VMs
• Define shared VHDs and VHD Sets
• Implement guest clusters using shared VHDX
• Module assessment

Secure Hyper-V workloads

Secure Hyper-V workloads

• Define guarded fabric
• Define the Host Guardian Service
• Explore TPM-trusted attestation
• Define KPS
• Determine key features of shielded VMs
• Compare encryption-supported and shielded VMs in a guarded fabric
• Implement a shielded VM
• Module assessment

Plan and deploy Windows Server IaaS Virtual Machines

You're able to describe Azure compute and storage in relation to Azure VMs, and deploy Azure VMs by using the Azure portal, Azure CLI, or templates.

• Describe Azure compute
• Describe Virtual Machine storage
• Deploy Azure Virtual Machines
• Create a windows Virtual Machine using the portal
• Create a windows Virtual Machine using Azure CLI
• Deploy Azure Virtual Machines using templates
• Describe additional management optimization options
• Module assessment

Customize Windows Server IaaS Virtual Machine images

Learn to create new VMs from generalized images and use Azure Image Builder templates to create and manage images in Azure.

• Create a generalized image
• Create a new Virtual Machine from a managed image
• Create a managed image of a generalized virtual machine in Azure
• Create a Virtual Machine from a managed image
• Implement Azure Image Builder
• Create a windows Virtual Machine using Azure Image Builder template
• Create a Windows Virtual Machine with Azure Image Builder using PowerShell
• Module assessment

Automate the configuration of Windows Server IaaS Virtual Machines

Learn how to deploy Desired State Configuration (DSC) extensions, implement those extensions to remediate noncompliant servers, and use custom script extension.

• Describe Azure Automation
• Implement Azure Automation with DSC
• Remediate noncompliant servers
• Describe Custom Script Extensions
• Configure a Virtual Machine by using DSC
• Module assessment

Run containers on Windows Server

Run containers on Windows Server

• Define containers
• List the differences between containers and VMs
• Define Windows Server and Hyper-V containers and isolation modes
• Explore Docker
• Prepare a Windows Server 2019 host for container deployment
• Security, Storage, and Networking with Windows containers
• Module assessment

Orchestrate containers on Windows Server using Kubernetes

Orchestrate containers on Windows Server using Kubernetes

• Define orchestration
• Define Kubernetes
• Deploy Kubernetes resources
• Create a Kubernetes cluster on Windows
• Define Azure Arc
• Connect an Azure Arc-enabled Kubernetes cluster to Azure Arc
• Module assessment

Implement DNS for Windows Server IaaS VMs

Implement DNS for Windows Server IaaS VMs

• Understand Azure DNS
• Implement Azure DNS
• Create an Azure DNS zone and record using the Azure portal
• Implement DNS with Azure IaaS virtual machines
• Implement split-horizon DNS in Azure
• Troubleshoot DNS
• Module assessment

Deploy and manage DHCP

Deploy and manage DHCP

• Use DHCP to simplify IP configuration
• Install and configure the DHCP role
• Configure DHCP options
• Configure DHCP scopes
• Select DHCP high availability options
• Implement DHCP Failover
• Module assessment

Implement Windows Server DNS

Implement Windows Server DNS

• Explore the DNS architecture
• Work with DNS zones and records
• Install and configure the DNS role
• Implement DNS forwarding
• Module assessment

Implement IP Address Management

Implement IP Address Management

• Define IP Address Management
• Deploy IP Address Management
• Administer IP Address Management
• Configure IP Address Management options
• Manage DNS zones with IP Address Management
• Manage DHCP servers with IP Address Management
• Use IP Address Management to manage IP addressing
• Module assessment

Implement remote access

Implement remote access

• Examine the remote access options in Windows Server
• Select and set up VPNs
• Use NPS to create and enforce network access policies
• Plan and implement NPS
• Deploy a PKI for remote access
• Use WAP as a reverse web proxy
• Module assessment

Implement hybrid network infrastructure

You learn to connect your on-premises environment to Azure, implement subnets and routing between your on-premises and cloud environments, and ensure that workloads in the cloud and on-premises perform DNS resolution to locate each other.

• Describe Azure network topologies
• Implement Azure VPN options
• Create a route-based VPN gateway using the Azure portal
• Implement Azure ExpressRoute
• Configure Azure Virtual WAN
• Implement DNS in hybrid environments
• Module assessment

Implement Windows Server IaaS VM IP addressing and routing

Implement Windows Server IaaS VM IP addressing and routing

• Implement a virtual network
• Implement IaaS VM IP addressing
• Assign and manage IP addresses
• Configure a private IP address for a virtual machine using the Azure portal
• Create a virtual machine with a static public IP address using the Azure portal
• Implement IaaS virtual machine IP routing
• Implement IPv6 for Windows Server IaaS virtual machines
• Module assessment

Manage Windows Server file servers

Manage Windows Server file servers

• Define the Windows Server file system
• List the benefits and uses of File Server Resource Manager
• Define SMB and its security considerations
• Configure SMB protocol
• Define Volume Shadow Copy Service
• Module assessment

Implement Storage Spaces and Storage Spaces Direct

Implement Storage Spaces and Storage Spaces Direct

• Define the Storage Spaces architecture and its components
• List the functionalities, benefits, and use cases of Storage Spaces
• Implement Storage Spaces
• List the functionalities, components, benefits, and use cases of Storage Spaces Direct
• Implement Storage Spaces Direct
• Module assessment

Implement Windows Server Data Deduplication

Implement Windows Server Data Deduplication

• Define the architecture, components, and functionality of Data Deduplication
• Define the use cases and interoperability of Data Deduplication
• Implement Data Deduplication
• Manage and maintain Data Deduplication
• Module assessment

Implement Windows Server iSCSI

Implement Windows Server iSCSI

• List the functionalities, components, and use cases of iSCSI
• List the considerations for implementing iSCSI
• Implement iSCSI
• Configure high availability for iSCSI
• Module assessment

Implement Windows Server Storage Replica

Implement Windows Server Storage Replica

• List the functionalities and components of Storage Replica
• Examine the prerequisites for implementing Storage Replica
• Implement Storage Replica by using Windows Admin Center
• Implement Storage Replica by using Windows PowerShell
• Module assessment

Implement a hybrid file server infrastructure

Implement a hybrid file server infrastructure using Azure Files and Azure File Sync, and migrate SMB file servers to Azure.

• Describe Azure File services
• Configure Azure Files
• Configure connectivity to Azure Files
• Describe Azure File Sync
• Implement Azure File Sync
• Deploy Azure File Sync
• Deploy Azure File Sync 2
• Manage cloud tiering
• Migrate from DFSR to Azure File Sync
• Module assessment